Description of problem:
While debugging user environments over IRC, we often request the output to certain commands that end up being viewable by everyone on #openshift. We recently found the 'rhc-chk -d' will display the user's database password. We should obfuscate it.

This still exposes the password length:
self[k] = "*" * v.length
it would be much better to assign a static length of ********'s in case the user has a very short password, this will let the attacker know that brute forcing it is possible.

Kurt,
Thank you for raising that point. Here's a new pull request to address it: https://github.com/openshift/rhc/pull/264
Jianwei,
Where did you run 'rhc-chk'? The image devenv_2613 has the change needed, but the machine on which you ran 'rhc-chk' might not. The 'rhc' gem has not been released, so you'll have to either try it from source, or run it on the image itself.